Blogger hole allows attacker to gain admin privileges.

Enigma Group's Hacking Forum

User Info

Welcome, Guest. Please login or register.
Did you miss your activation email?
May 23, 2013, 02:52:50 AM

News

Mission Problems? Read up on things that can go wrong.

Forum Stats

40390 Posts in 4962 Topics by 25945 Members
Latest Member: cocopuffs235

Enigma Group's Hacking Forum | General | General Computing | Hacking News | Blogger hole allows attacker to gain admin privileges.

« previous next »

Pages: [1]

Author

Topic: Blogger hole allows attacker to gain admin privileges. (Read 504 times)

modded-account

Veteran

Offline

Posts: 1140

Respect: +4

modded-account's avatar.

Blogger hole allows attacker to gain admin privileges.

« on: March 15, 2011, 04:39:04 PM »

Blogger has a vuln that allows an attacker give himself administrative privileges. The vuln is due to a HTTP Parimeter Pollution hole. The server checks the first blogid value in the post request then executes the second one: the attacker one.

Code: [Select]

http://marcoramilli.blogspot.com/2011/03/hot-to-gain-administrative-privileges.html


« Last Edit: March 15, 2011, 04:42:19 PM by modded-account »	Logged

Psiber_Syn

Global Moderator
Post Junkie

Offline

Posts: 567

Respect: +2

⎝⏠⏝⏠⎠ (ಠ ›ಠ) Stewie

Re: Blogger hole allows attacker to gain admin privileges.

« Reply #1 on: March 15, 2011, 11:25:17 PM »

this has been confirmed and patched by the google security team on 3/13/11

sorry guys but still gives ideas for further exploit

heres the author "Nir's" site explaining it
http://www.nirgoldshlager.com/2011/03/blogger-get-administrator-privilege-on.html